PT-2020-18767 · Nginx · Nginx Controller

Published

2020-04-23

Updated

2020-04-30

CVE-2020-5866

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NGINX Controller versions prior to 3.3.0

Description The helper.sh script in NGINX Controller uses sensitive items as command-line arguments, which poses a security risk. This issue is present in versions of NGINX Controller prior to 3.3.0.

Recommendations For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the helper.sh script until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2020-5866

Affected Products

Nginx Controller

PT-2020-18767 · Nginx · Nginx Controller

CVE-2020-5866

Weakness Enumeration

Related Identifiers

Affected Products

References · 5